At long last, malware scanning comes to Google’s Android Market

Following criticism that it doesn't do enough to police its own App bazaar for …

Google engineers have unveiled a cloud-based service that scours the Android Market for malicious smartphone apps.

Bouncer, as the scanner is called, automatically checks each title in the Google app bazaar to make sure it doesn't match signatures of known malware, Hiroshi Lockheimer, vice president of Android Engineering, told Ars. It also looks for clues that apps contain surreptitiously abusive behavior by running them through a system that simulates an Android device. The scan happens when developers first upload an app to the Market and then periodically after that.

For years, critics have said Google doesn't do enough to police its own servers for apps that steal user data, rack up expensive charges, and carry out other undisclosed abuse. Google's guidelines for Android developers promise they have "complete control over when and how they make their applications available to users." While many developers and users welcome the freedom, it has also allowed malware purveyors to install their titles on tens of thousands of Android phones.

"We really designed this in a way to maintain the flow the users and developers are familiar with," Lockheimer said. "Android has been a comfortable place for users to download and purchase apps from."

Bouncer has been up and running for about six months, he said. Google saw a 40 percent decrease in the number of potentially malicious downloads in the second half of 2011 compared to the first half. Google also described the scanner in a blog post.